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(57) A systenn for restricting access to transmitted 
programnning content is disclosed, which transnnits the 
encryption key used to encrypt the progrann to the cus- 
tonner with the encrypted programnning content. A set- 
top terminal or similar mechanism restricts access to the 
transmitted multimedia information using stored decryp- 
tion keys. The set-top terminal preferably receives one 
or more package keys, SJ, periodically from the sen^ice 
provider, each corresponding to a package of programs 
that the customer is entitled to for a given period. Each 
program is preferably encrypted by the head-end server 
pnor to transmission using a program key KP, which 
may be unique to the program. Header information is 
transmitted with the encrypted program to the custom- 
ers, containing a package pair tor each package to 
which the program belongs. A package pair preferably 
includes an identifier of the package, as well as the pro- 
gram key, KP, encrypted by the corresponding package 
key, SJ. The broadcast of a given program, p, preferably 
consists of a header portion containing a package pair 
for each package that the program belongs to, and a 
program portion containing the program encrypted with 
the program key, KP If a customer Is entitled to a par- 
ticular program, the set-top terminal will be able to de- 
crypt the encrypted program key. KP. using an appropri- 
ate stored package key SJ, and thereafter use the pro- 
gram key, KP, to decrypt the encrypted program. The 
header information can be interleaved with the program 
portion or transmitted on a separate dedicated control 
channel. 
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Description 

FIELD OFTHEINVENTiON 

[0001] The present invention relates generally to a 
system for restricting access to transmitted program- 
ming content, and more particularly, to a system tor 
transmitting an encrypted program together with the en- 
cryption key used to encrypt the program. 

BACKGROUND OF THE INVENTION 

[0002] As the number of channels available to televi- 
sion viewers has increased, along with the diversity of 
the programming content available on such channels, it 
has become increasingly challenging for sen/ice provid- 
ers, such as cable television operators and digital sat- 
ellite service operators, to offer packages of channels 
and programs that satisfy the majority of the television 
viewing population. The development of packages that 
may be offered to customers is generally a marketing 
function. Generally, a service provider desires to offer 
packages of various sizes, from a single program to all 
the programs, and various combinations in between. 
[0003] The service provider typically broadcasts the 
television programs from a transmitter, often referred to 
as the "head-end." to a large population of customers. 
Each customer is typically entitled only to a subset of 
the received programming, associated with purchased 
packages. In a wireless broadcast environment, for ex- 
. ample, the transmitted programming can be received by 
anyone with an appropriate receiver, such as an anten- 
na or a satellite dish. Thus, in order to restrict access to 
a transmitted program to authorized customers who 
have purchased the required package, the service pro- 
vider typically encrypts the transmitted programs and 
provides the customer with a set-top terminal (STT) con- 
taining one or more decryption keys which may be uti- 
lized to decrypt programs that a customer is entitled to. 
In this manner, the set-top terminal receives encrypted 
transmissions and decrypts the programs that the cus- 
tomer is entitled to, but nothing else. 
[0004] In order to minimize piracy of the highly sensi- 
tive information stored in the set-top terminals, including 
the stored decryption keys, the set-top terminals typical- 
ly contain a secure processor and secure memory, typ- 
ically having a capacity on the order of a few kilobits, to 
store the decryption keys . The secure memory is gen- 
erally non-volatile, and tamper-resistant. In addition, the 
secure memory is preferably writable, so that the keys 
may be reprogrammed as desired, for example, for each 
billing period. The limited secure memory capacity of 
conventional set-top terminals limits the number of keys 
that may be stored and thereby limits the number of 
packages which may be offered by a service provider. 
It is noted that the number of programs typically broad- 
cast by a service provider during a monthly billing period 
can be on the order of 200,000. 



[0005] In one variation, conventional set-top terminals 
contain a bit vector having a bit entry corresponding to 
each package of programs offered by the service pro- 
vider. Typically, each package corresponds to one tele- 

5 vision channel. If a particular customer is entitled to a 
package, the corresponding bit entry in the bit vector 
stored in the set-top terminal is set to one ("1"). There- 
after, all programs transmitted by the service provider 
are encrypted with a single key Upon receipt of a given 

10 program, the set-top terminal accesses the bit vector to 
determine if the corresponding bit entry has been set. If 
the bit entry has been set. the set-top terminal utilizes a 
single stored decryption key to decrypt the program. 
[0006] While, in theory, flexibility is achieved in the bit 

75 vector scheme by providing a bit entry for each program, 
the length of the bit vector would be impractical in a sys- 
tem transmitting many programs in a single billing peri- 
od. In addition, access control in such a system is pro- 
vided exclusively by the entries in the bit vector and is 

20 not cryptographic. Thus, if a customer is able to over- 
write the bit vector, and set all bits to one (T), then the 
customer obtains access to all programs. 
[0007] In a further variation, programs are divided into 
packages, and all programs in a given package are en- 

25 crypted using the same key Again, each package typi- 
cally corresponds to one television channel. The set-top 
terminal stores a decryption key for each package the 
customer is entitled to. Thus, if a program is to be in- 
cluded in a plurality of packages, then the program must 

30 be retransmitted for each associated package, with 
each transmission encrypted with the encryption key 
corresponding to the particular package. Although the 
access control is cryptographic, the overhead associat- 
ed with retransmitting a given program a number of 

35 times discourages sen/ice providers from placing the 
same program in a number of packages and thereby lim- 
its flexibility in designing packages of programs. 
[0008] While such previous systems for encrypting 
and transmitting programming content have been rela- 
te tively successful in restricting access to authorized cus- 
tomers, they do not permit a service provider, such as 
a television network, to offer many different packages 
containing various numbers of programs to customers, 
without exceeding the limited secure memory capacity 

45 of the set-top temninal. As apparent from the above-de- 
scribed deficiencies with conventional systems for 
transmitting encrypted programming content, a need 
exists for a system for transmitting a program encrypted 
with a unique key. together with the unique key used to 

50 encrypt the program. A further need exists for a system 
that permits a service provider to include a program in 
a plurality of packages, without requiring the service pro- 
vider to retransmit the program for each package. Yet 
another need exists for an access control system that 

55 overcomes the secure memory limitations of the set-top 
terminal without significantly increasing the overhead 
associated with the transmitted programming content. 
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SUMMARY OF THE INVENTION 

[0009] Generally, encrypted progrannming content is 
transmitted by a sen^ice provider using a transnnitter, or 
head-end server, to one or nnore customers. According s 
to one aspect of the invention, the encryption key used 
to encrypt the program is transmitted to the customer 
with the programming content. Each customer pretera- 
bly has a set-top terminal or another mechanism to re- 
strict access to the transmitted multimedia information 
using decryptiori keys. According to a further aspect of 
the invention, the set-top terminal preferably receives 
one or more package keys, SJ, periodically from the 
head-end, each corresponding to a package of pro- 
grams that the customer is entitled to for a given period. 
[0010] Each program is preferably encrypted by the 
head-end server prior to transmission, using a program 
key, KP, which may be unique to the program. In addition 
to transmitting the encrypted program, the head-end 
server preferably transmits header information to the 
customers, containing a package pair for each package 
to which the program belongs. A package pair prefera- 
bly includes an identifier of the package, as well as the 
program key, KP, encrypted by the corresponding pack- 
age key, SJ. Thus, In one embodiment, the broadcast 
of a given program, p, consists of a header portion con- 
taining a package pair for each package that the pro- 
gram belongs to, and a program portion containing the 
* program encrypted with the program key, KP. In this 
manner, if a customer is entitled to a particular program, 
the set-top terminal will be able to decrypt the encrypted 
program key, KP, using the appropriate stored package 
key, SJ, and thereafter use the program key, KP, to de- 
crypt the encrypted program. In various embodiments, 
the header information can be interleaved with the pro- 
gram portion or transmitted on a separate dedicated 
control channel. 

[0011] A more complete understanding of the present 
invention, as well as further features and advantages of 
the present invention, will be obtained by reference to 
the following detailed description and drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0012] 

FIG. 1 is a schematic block diagram illustrating a 
system for transmitting encrypted programming 
content in accordance with one embodiment of the 
present invention; 

FIG. 2 is an example of the data format of an en- 
crypted program together with a package pair for 
each package the program belongs to, containing 
the encryption key used to encrypt the program; 

FIG. 3 is a schematic block diagram of an exempla- 
ry, head-end server of FIG. 1; 



FIG. 4 is a schematic block diagram of an exempla- 
ry receiver of FIG. 1 ; 

FIG. 5 illustrates a sample table from the program 
database of FIG. 4; 

FIG. 6 illustrates a sample table from the package 
database of FIG. 4; 

FIG. 7 illustrates a sample table from the entitle- 
ment database of FIG. 5; 

FIG . 8 is a flow chart describing an exemplary trans- 
mit process as implemented by the head-end sen/er 
of FIG.3 ; and 

FIGS. 9a and 9b, collectively, are a flowchart de- 
scribing an exemplary decode process as imple- 
mented by the receiver of FIG. 4. 

DETAILED DESCRIPTION 

[0013] FIG. 1 shows an illustrative network environ- 
ment for transferring encrypted multimedia information, 
such as video, audio and data, from a service provider 
using a transmitter, such as a head-end server 300, to 
one or more customers having set-top terminals 
400-401, such as the set-top terminal 400, over one or 
more distribution networks 110. As used herein, a set- 
top terminal Includes any mechanism to restrict access 
to the transmitted multimedia information using decryp- 
tion keys, including, for example, a computer configura- 
tion, as well as telecommunications equipment. It Is pos- 
sible for software executed by the set-top terminal to be 
downloaded by the service provider. The distribution 
network 110 can be a wireless broadcast network for 
distribution of programming content, such as a digital 
satellite service (°DSS ") or a conventional wired net- 
work, such as the cable television network {"CATV"), the 
Public Switched Telephone Network ("PSTN"), an opti- 
cal network, a broadband integrated services digital net- 
work ("ISDN") or the Internet. 
[0014] According to a feature of the present invention, 
the set-top terminal 400, discussed further below In con- 
junction with FIG. 4, intermittently receives one or more 
package keys, SJ, from the head-end sen/er 300, dis- 
cussed further below in conjunction with FIG. 3, each 
corresponding to a package that the customer is entitled 
to for a given time Interval, such as a billing period. As 
used herein, a package is a predefined set of programs, 
and a given program can belong to one or more pack- 
ages. A program is any continuous multimedia transmis- 
sion of a particular length, such as a television episode 
or a movie. The package keys, SJ, can be downloaded 
from the head-end server 300 to the set-top tenninal 400 
using any suitably secure uni-directional or bi-direction- 
al protocol, as would be apparent to a person of ordinary 
skill. 
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[0015] As discussed further below, each transmitted 
program is encrypted by the head-end sen/er 3O0 using 
a program key, KP, which may be unique to the program. 
For a detailed discussion ot suitable encryption and se- 
curity techniques, see B. Schneier, Applied Cryptogra- 
phy (2d ed- 1997), incorporated by reference herein. In 
addition to transmitting the encrypted program, the 
head-end server 300 also transmits header information 
to the set-top terminals 400, containing a package pair 
for each package to which the program belongs. A pack- 
age pair includes an identifier of the package, as well as 
the program key, KP, encrypted by the corresponding 
package key, SJ. 

[0016] Thus, as shown in FIG. 2, the broadcast of a 
given program, p, consists of a header portion 210 con- 
taining a package pair 230 for each package that the 
program belongs to, and a program portion 220 contain- 
ing the program encrypted with the program key, KP. In 
this manner, if a customer is entitled to a particular pro- 
gram, the set-top terminal 400 will be able to deciypt the 
encrypted program key, KP, using the appropriate stored 
package key, SJ, and thereafter use the program key, 
KP, to decrypt the encrypted program. 
[0017] FIG. 3 is a block diagram showing the archi- 
tecture of an illustrative head-end server 300. The head 
end may be associated with a television network, a ca- 
ble operator, a digital satellite sen/ice operator, or any 
service provider transmitting encrypted programming 
content. The head-end server 300 may be embodied, 
for example, as an RS 6000 sen/er, manufactured by 
IBM Corp., as modified herein to execute the functions 
and operations of the present invention. The head-end 
server 300 preferably includes a processor 310 and re- 
lated memory, such as a data storage device 320. The 
processor 310 may be embodied as a single processor, 
or a number of processors operating in parallel. The da- 
ta storage device 320 and/or a read only memory (ROM) 
are operable to store one or more instructions, which 
the processor 31 0 is operable to retrieve, interpret and 
execute. The processor 310 preferably includes a con- 
trol unit, an arithmetic logic unit (ALU), and a local mem- 
ory storage device, such as, for example, an instruction 
cache or a plurality of registers, in a known manner. The 
control unit is operable to retrieve instructions from the 
data storage device 320 or ROM. The ALU is operable 
to perform a plurality of operations needed to carry out 
instructions. The local memory storage device is oper- 
able to provide high-speed storage used for storing tem- 
porary results and control information. 
[0018] As discussed further below in conjunction with 
FIGS. 5 and 6, the data storage device 320 preferably 
includes a program database 500 and a package data- 
base 600, The program database 500 preferably stores 
information on each program, p, which will be transmit- 
ted by the head-end server 300, for example, during a 
given billing period, including the packages the program 
belongs to and the corresponding program key, KP. The 
package database 600 preferably stores information on 



each package offered by the head-end sen/er 300 to 
customers, including the name of each package and the 
corresponding package key, SJ. 
[0019] In addition, as discussed further below in con- 

5 junction with FIG. 8, the data storage device 320 pref- 
erably includes a transmit process 800. Generally, the 
transmit process 800 identifies the program key, KP, of 
a given program and the packages that the program be- 
longs to, in order to generate the package pairs to be 

10 transmitted along with the encrypted program. The com- 
munications port 330 connects the head-end server 300 
to the distribution network 1 1 0, thereby linking the head- 
end server 300 to each connected receiver, such as the 
set-top terminal 400 shown in FIG. 1 . 

15 [0020] FIG. 4 is a block diagram showing the archi- 
tecture of an illustrative set-top terminal 400. The set- 
top terminal 400 may be embodied, for example, as a 
set-top terminal (STT) associated with a television, such 
as those commercially available from General Instru- 

20 ments Corp., as modified herein to execute the functions 
and operations of the present invention. The set-top ter- 
minal 400 preferably includes a processor 410 and re- 
lated memory, such as a data storage device 420, as 
well as a communication port 430, which operate in a 

25 similar manner to the hardware described above in con- 
junction with FIG. 3. 

[0021] As discussed further below in conjunction with 
FIG. 7, the data storage device 420 preferably includes 
an entitlement database 700. The entitlement database 

30 700 is preferably stored in a secure portion of the data 
storage device 420. The entitlement database 700 pref- 
erably stores a package identifier and the corresponding 
package key SJ, for each package that the customer is 
entitled to. In addition, as discussed further below in 

35 conjunction with FIGS. 9a and 9b, the data storage de- 
vice 420 preferably includes a decode process 900. 
Generally, the decode process 900 decrypts programs 
that a customer is entitled to, by using the corresponding 
stored package key, SJ, to decrypt the transmitted pro- 

40 gram key KP, and then using the program key KP. to 
decrypt the program. 

[0022] FIG. 5 illustrates an exemplary program data- 
base 500 that preferably stores information on each pro- 
gram, p, which will be transmitted by the head-end sen/- 

45 er 300, for example, during a given billing period, includ- 
ing the packages the program belongs to and the cor- 
responding program key. KR The program database 
500 maintains a plurality of records, such as records 
505-520, each associated with a different program. For 

50 each program identified by program name in field 525, 
the program database 500 includes an indication of the 
corresponding packages to which the program belongs 
in field 530 and the corresponding program key, KR in 
field 535. 

55 [0023] FIG. 6 illustrates an exemplary package data- 
base 600 that preferably stores infornnation on each 
package offered by the head-end server 300 to custom- 
ers, including the name of each package and the corre- 
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spending package key, SJ. The package database 600 
maintains a plurality ot records, such as records 
605-640, each associated with a different package. For 
each package identified by a package identifier in field 
650, the package database 600 includes an Indication 
of the corresponding package name in field 660 and the 
corresponding package key, SJ, in field 670. 
[0024] FIG. 7 illustrates an exemplary entitlement da- 
tabase 700 that preferably stores a package identifier 
and the corresponding package key, SJ, for each pack- 
age that the customer is entitled to. The entitlement da- 
tabase 700 maintains a plurality of records, such as 
records 710-720, each associated with a different enti- 
tled package. For each package identified by a package 
identifier in field 725, the entitlement database 700 in- 
cludes an indication of the corresponding package key, 
SJ, in field 735. 

[0025] As discussed above, the head-end server 300 
preferably executes a transmit process 800, shown in 
FIG. 8. to identity the program key, KR o1 a given pro- 
gram and the packages that the program belongs to, in 
order to generate the package pairs to be transmitted 
along with the encrypted program. It Is noted that the 
transmit process 800, other than the actual transmission 
step, can be executed offline or in real-time. As illustrat- 
ed in FIG. 8, the transmit process 800 begins the proc- 
esses embodying the principles of the present invention 
during step 810 by identifying a program to be transmit- 
ted. 

[0026] Thereafter, during step 820, the transmit proc- 
ess 800 retrieves the program key, KP. corresponding 
to the program and the list of packages to which the pro- 
gram belongs from the program database 500. For each 
package the program belongs to, the transmit process 
800 will then retrieve the package Identifier and the cor- 
responding package key, SJ, from the package data- 
base 600, to generate a package pair to be included in 
the transmitted header information. 
[0027] The program will then be encrypted during step 
840 with the program key, KP, retrieved during step 820. 
Finally, the transmit process 800 will transmit the en- 
crypted program together with the set of package pairs 
during step 850, before program control terminates dur- 
ing step 860. It is noted that the header information con- 
taining the package pairs are preferably transmitted pe- 
riodically interleaved throughout the transmission of the 
program information, so that a customer can change 
channels during a program and be able to obtain the 
transmitted keys which are required to decrypt the pro- 
gram. The overhead incurred by periodically transmit- 
ting the header information should be balanced against 
the delay a customer will incur after changing a channel 
until the required decryption keys are obtained. In an 
alternate embodiment, the header information contain- 
ing the package pairs can be continuously transmitted 
on a separate control channel, such as a Barker chan- 
nel. 

[0028] As discussed above, the set-top terminal 400 



preferably executes a decode process 900, shown in 
FIGS. 9a and 9b, to decrypt programs that a customer 
is entitled to, by using the corresponding stored package 
key, SJ. to decrypt the transmitted program key, KP, and 

5 then using the program key, KP, to decrypt the program. 
As Illustrated in FIG. 9a. the decode process 900 begins 
the processes embodying the principles of the present 
invention during step 910, upon receipt of a customer 
instruction to tune to a particular channel. 

10 [0029] Thereafter, the set-top terminal 400 will tune to 
the requested channel during step 920 to receive the 
appropriate signal. The decode process 900 then re- 
trieves the transmitted package pairs during step 930 
for the program transmitted on the requested channel. 

15 A test is then performed during step 940 to determine if 
the customer is entitled to a package containing the re- 
quested program. For example, the decode process 900 
will detennlne if a package identifier from one of the 
package pairs retrieved during step 930 matches a 

20 package identifier stored in the entitlement database 
700. 

[0030] If it is determined during step 940 that the cus- 
tomer Is not entitled to entitled to a package containing 
the requested program, then a message is preferably 

25 transmitted to the customer during step 950 indicating 
that the customer is not entitled to view the selected pro- 
gram, before program control terminates during step 
960. If, however, it is determined during step 940 that 
the customer is entitled to a package containing the re- 

30 quested program, then program control proceeds to 
step 970 (FIG. 9b). 

[0031 ] If the customer is entitled to view the requested 
program, then the decode process 900 retrieves the 
package key, SJ, corresponding to the entitled package 

35 from the entitlement database 700 during step 970 and 
then uses the retrieved package key, SJ, during step 
980 to decrypt the transmitted program key included in 
the transmitted header information, or on a separate 
control channel. Finally, the program itself is decrypted 

40 during step 990 using the program key, KP. during step 
990, before program control terminates during step 995. 
[0032] It is noted that the decode process 900 can 
wait for the customer to request a particular channel be- 
fore attempting to obtain the transmitted decryption keys 

45 and determine whether the customer is entitled to the 
requested channel, as described above, or the decode 
process 900 can alternatively periodically scan all chan- 
nels to obtain the transmitted package pairs for storage 
in the data storage device 420 and predetermine the 

50 customer's entitlement. 

[0033] It is to be understood that the embodiments 
and variations shown and described herein are merely 
illustrative of the principles of this invention and that var- 
ious modifications may be implemented by those skilled 

55 in the art without departing from the scope of the inven- 
tion. 
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Claims 

1. A method of transmitting a plurality of programs 
having restricted access to an end-user, said meth- 
od comprising the steps of: 

defining a plurality of packages, each package 
comprising at least one of said programs; 
providing a package key to said end-user for 
each package obtained by said end-user; 
encrypting a program to be transmitted to said 
end-user using a program key; and 
transmitting said encrypted program together 
with package information for each package 
said program belongs to, said package infor- 
mation including said program key encrypted 
with said package key. 

2. The method according to claim 1, wherein said 
package information further comprises an identifier 
of said associated package. 

3. The method according to claim 1 orclaim 2, wherein 
said package information is interleaved with the 
transmission of said encrypted program. 

4. The method according to claim 1 or claim 2, wherein 
said package information is transmitted on a control 
channel. 

5. A method for decoding an encrypted program as- 
sociated with a package of programs, said method 
comprising the steps of: 



wherein said package information is interleaved 
with the transmission of said encrypted program. 

9. The method according to any of claims 5 to 7, 
s wherein said package information is transmitted on 

a control channel. 

10. The method according to any of claims 5 to 9, 
wherein said package information is evaluated up- 

10 on a request to view said program. 

11. The method according to any of claims 5 to 9. 
wherein said package information is evaluated in 
advance of a request to view said program. 

15 

12. An article of manufacture comprising: 

a computer readable medium having computer 
readable code means embodied thereon, said 
20 computer readable program code means com- 

prising: 

a step to identity one or more packages asso- 
ciated with a program to be transmitted, each 
of said packages having an associated pack- 
25 age key; 

a step to encrypt said program to be transmitted 
to a plurality of customers using a program key; 
and 

a step to transmit said encrypted program to- 
30 gether with package information for each iden- 

tified package, said package information in- 
cluding said program key encrypted with said 
package key. 



25 



receiving said encrypted program together with 35 
package information, said package information 
including a program key encrypted with a pack- 
age key, said program key being used by a pro- 
vider of said program to encrypt said program; 
retrieving a package key corresponding to said 40 
package; 

decrypting said package information using said 
retrieved package key to obtain said program 
key; and 

decrypting said encrypted program using said 
program key. 

6. The method according to claim 5. further compris- 
ing the step of receiving one or more package keys 
from said provider, each package key correspond- so 
ing to a package of programs a customer is entitled 

to. 

7. The method according to claim 5 or claim 6 wherein 
said package information further comprises an 55 
identifier of said associated package. 



13. An article of manufacture comprising: 

a computer readable medium having computer 
readable code means embodied thereon, said 
computer readable program code means com- 
prising: 

a step to receive an encrypted program togeth- 
er with package information, said package in- 
formation including a program key encrypted 
with a package key, said program key being 
used to encrypt said program; 
a step to retrieve said package key correspond- 
ing to a package to which said encrypted pro- 
gram belongs; 

a step to decrypt said package information us- 
ing said retrieved package key to obtain said 
program key; and 

a step to decrypt said encrypted program using 
said program key 



8. 



The method according to any of claims 5 to 7, 
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